my question is related to security within the cloud. What is the reality of security because any where i see it's just suggestions to strengthen the security with respect to platform, infrastructure or Information itself. But i want to know what is current security reality in the cloud because of which many IT guru's call it just a buzz word and not more than that.

Answer Wiki

Here’s how I look at security on the cloud as far as passwords go… I want the same password policy for the cloud as I would for any other public (external) facing service. “The Cloud” is, for now, a buzzword. You have public clouds and private clouds, private containing some of the same services we’ve made available for years now. When going public though you need to look at certain areas of security such as who owns the data and what are the policies regarding deletion, backup retention periods, things of that nature. Don’t forget to look at the same things you would look at with a local service when debating on the cloud and look at all security concerns as a service that is 100% public facing service and how you would handle them.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States.
Privacy

Processing your response...

Discuss This Question: 7 &nbspReplies

There was an error processing your information. Please try again later.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States.
Privacy

Everything you said may be true but what i am trying to ask is " Trust or Security". In cloud computing when anyone talks they talk about what should be done and due to outsourcing talks about trust, so it means there is no security in reality and all this is built on trust??

There is security in the cloud, but this can be done in a number of different methods. First is data classification (is the information you are going to trust/store on a third party cloud important to your business - ie. will it cause a CNN moment where your company will be named as having lost customer information). If the information you are going to be storing on the cloud is not customer critical, maybe it is a sales website which has information about the products or services your company offers and a method of contact, a webform that sends an email to a generic company email box then there is little risk. Now if the data is important such as customer credit card information, health information or any number of other items that might fall under one regulation or another then you will want to encrypt the data, but data in motion (when you are sending the data to the cloud provider) and data at rest (the physical disks that the data resides on in the cloud provider's data center). There are also the hybrid approach where you are using the cloud provider to handle peak loads as opposed to regular processing of your company transactions. Again this is not any easy question to answer and the answer is different for each organization based on the regulations they are restricted by and if you are a large multi-national corporation then you will have to address other issues as well for laws that apply to specific countries.

Same as using any 3rd party service including applications, cloud, website hosting or even banking use the resources you have to find information about reputation, policies, past actions and anything else you can find. There is always an element of trust but you have to limit the "trust" factor with facts. If you use a payroll application, you will research the company to ensure that they are not sharing information they shouldn't be. Use this mentality when choosing a cloud provider.

Same as using any 3rd party service including...
...including anti-virus or firewalls (hardware and software) or operating systems or...
Exactly right. Since the days of the Z-80, perhaps, nearly everything has been founded on "trust". The sheer volume of details in any significant system obviates assertion of "security".
How many of the past 12 months went by without disclosure of a single new zero-day vulnerability somewhere? Of all the software and hardware that has been shown to have vulnerabilities in the past five years, how many were generally thought of as "secure"? (Vulnerabilities are seldom reported against things that aren't considered generally to be secure in the first place -- there's no point.)
Trust is likely to be at the bottom of everything for some time to come.
Tom

but why people tend to discuss high security and high reliability/availability on the same time. It is evident from past experience that to achieve high security you have to compromise reliability/availability at some point. It is not possible to have high security with high reliable and available system. Like take an example of a bus, if you want to build a bus that can reduce road accidents than you have to compromise something to make it safe but instead we want to compromise security to get to destination as quick as possible. So how is it possible to achieve all that security in theory told by "IT guru's" without compromising anything?????

That's the wonderful thing about working in IT. Finding the path which opens up as many resources as possible to users without being a hassle to use, while keeping it as safe as possible all while being expected to make more available and have a perfectly secure environment. It's a bumpy road if you don't know what your in for or try to make everyone happy. Making those decisions can be tough and making others understand is even harder. You can run security like the airlines and not be concerned for usability making safety your only concern, or like Facebook and let information fly freely to make sharing it easy. The correct route though is to make a plan, identify the areas most important address them and be aware of vulnerabilities are to monitor them for any threats.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States.
Privacy

Processing your reply...

Ask a Question

Free Guide: Managing storage for virtual environments

Complete a brief survey to get a complimentary 70-page whitepaper featuring the best methods and solutions for your virtual environment, as well as hypervisor-specific management advice from TechTarget experts. Don’t miss out on this exclusive content!

To follow this tag...

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States.
Privacy